It’s been a roller-coaster of a ride for the Three Strikes law in France. Nearly a year after the adoption of the three strikes law, things still have stalled with no letters being sent and no one being disconnected as a result of the law to this day.

Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes

Many people thought it was all over since the law was passed though, but evidently, the war to stop the law in any way shape or form raged on after final passage. More recently, the French governing party, the UMP, have expressed second thoughts on the law.

Now, if rights holders are hoping that, now, the warning letters would start flying right away, they’d be sorely disappointed. It turns out that implementation of the law is still stalled on technical grounds. According to 01Net (Google Translated), HADOPI, the authority looking over the operations of the law, has found itself having to launch a public consultation.

At issue is what the criteria is for maintaining a secure internet connection. At first, it doesn’t sound like having a secure internet connection has anything to do with disconnecting file-sharers, but the law depends on every internet user have a secure connection online. An IP address needs to accurately point to a particular individual and, for that to happen, everyone needs to have a secure internet address to avoid false accusations.

If you’re having a sense of de-ja-vu, the argument that there’s no way to determine for sure if an IP address is linked to a particular individual dates back to the beginning of the original litigation campaign against file-sharers in the US. This issue, in the US, hasn’t really been resolved in the last ten years and efforts to resolve such an issue is increasingly difficult with advent of Wi-Fi at people’s homes.

Specifically, what HADOPI is trying ask is what would count as a secure internet account/hot spot/address? What must the user do if he is accused of copyright infringement when his Wi-Fi is hacked? What counts as being negligent in securing said users Wi-Fi connection from hacking to help avoid a false accusation?

That is a very complicated question and it’s doubtful there will ever be an easy answer. First of all, we’re not talking about security experts securing a Wi-Fi point. We’re talking every day people and their Wi-Fi connection. Many people, to this day, barely know how to access their e-mail, let alone be able to encrypt a Wi-Fi connection.

Secondly, Wi-Fi hacking has become not only increasingly sophisticated, but increasingly easy. Currently, there are already out-of-the-box Wi-Fi Hacking tools circulating the streets of China already. With the right tools, someone could sit in an apartment building and have free access to dozens or even hundreds of Wi-Fi points.

Thirdly, hacking is always changing and security can only try and keep up with the latest forms of attacks to break in to a secure point. This means that security is always changing and improving. It’s a tall order to ask every French citizen to keep up with the latest ways of securing their Wi-Fi connection. Additionally, how does one set in stone guidelines to protecting a Wi-Fi point when not only security is changing, but also technology in general?

Overall, this is just another sign that a three strikes law is really a poorly conceived law and dedicated file-sharers will always find a way around it. The only innovation that will come out of all of this is ways to bi-pass the laws.